Steal only one set of hash then passthrough

[obilodeau]

Our current NTLM capture mode is disruptive if used during a pentest because a MITM-ed client will not be able to reach the intended server at all. The type of things you need to avoid in pentests at all costs.

It would be nice if we could have knowledge about which destination server we already stolen a hash from and then enter a complete passthrough mode for these.